3866 matches found

EUVD
added 2026/04/13 9:30 p.m. | 2 views

EUVD-2026-22063

A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used...

CVSS: 9 | AI score: 6.3 | EPSS: 0.00472
Exploits: 0 | References: 6

EUVD
added 2026/04/13 9:30 p.m. | 5 views

EUVD-2026-22058

A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclos...

CVSS: 9 | AI score: 6.2 | EPSS: 0.00447
Exploits: 0 | References: 6

Cvelist
added 2026/04/13 6:15 p.m. | 18 views

CVE-2026-6198 Tenda F456 NatStaticSetting fromNatStaticSetting stack-based overflow

A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclos...

CVSS: 9 | EPSS: 0.00447
Exploits: 0 | References: 5

OSV
added 2026/04/13 4:27 p.m. | 2 views

MAL-2026-2623 Malicious code in hive-setting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 94c174f9e83b72e5aaafbb1587d41384786cd29b4e9b69d097117d8c7b403771 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score: 6
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2026/04/13 3:8 p.m. | 4 views

Malicious code in hiveos-setting (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36035629c3bde2cc0e1f5c5531cac6c4ece9ff587cc3c85a5e39bcafbded06d9 Clones of legitimate libraries with malicious modifications intended to download malicious remote code. The remote script allows executing arbitrary files...

AI score: 6
Exploits: 0 | References: 1

EUVD
added 2026/04/13 6:30 a.m. | 2 views

EUVD-2026-21791

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00139
Exploits: 0 | References: 2

NVD
added 2026/04/13 4:16 a.m. | 5 views

CVE-2026-28553

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 7.5 | EPSS: 0.00139
Exploits: 0 | References: 1

CVE
added 2026/04/13 3:53 a.m. | 13 views

CVE-2026-28553

Technical details are not publicly available in the provided documents. The available sources confirm an improper permission control in the theme setting module, but no specifics on affected products, versions, root cause, or remediation are given here. Monitor for updates.

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00139
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/13 3:53 a.m. | 6 views

CVE-2026-28553

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00139
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/13 3:53 a.m. | 2 views

CVE-2026-28553

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 6.9 | AI score: 5.8 | EPSS: 0.00139
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2026/04/13 3:53 a.m. | 32 views

CVE-2026-28553

Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...

CVSS: 6.9 | EPSS: 0.00139
Exploits: 0 | References: 1

Amazon
added 2026/04/13 12:0 a.m. | 7 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.0052
Exploits: 0

CVE
added 2026/04/12 11:0 p.m. | 16 views

CVE-2026-6134

CVE-2026-6134 affects Tenda F451 with firmware 1.0.0.7_cn_svn7958. The vulnerability is in the fromqossetting function of /goform/qossetting, where manipulating the qos argument causes a stack-based buffer overflow. It is exploitable remotely, with the exploit publicly available; CVSS metrics ind...

CVSS: 9 | AI score: 7.8 | EPSS: 0.00645
Exploits: 0 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/04/12 11:0 p.m. | 2 views

CVE-2026-6134 Tenda F451 qossetting fromqossetting stack-based overflow

A security flaw has been discovered in Tenda F451 1.0.0.7cnsvn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The...

CVSS: 9 | AI score: 6.3 | EPSS: 0.00645
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/12 12:0 a.m. | 6 views

PT-2026-32192

Name of the Vulnerable Software and Affected Versions Tenda F451 version 1.0.0.7 cn svn7958 Description A security flaw exists in the fromqossetting function of the /goform/qossetting file in Tenda F451 version 1.0.0.7 cn svn7958. Manipulation of the qos argument can lead to a stack-based buffer...

CVSS: 9 | AI score: 7.6 | EPSS: 0.00645
Exploits: 0 | References: 11

OSV
added 2026/04/11 2:3 p.m. | 3 views

OESA-2026-1850 golang security update

. Security Fixes: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable...

CVSS: 6.1 | AI score: 7.1 | EPSS: 0.00328
Exploits: 0 | References: 2

NVD
added 2026/04/10 7:16 p.m. | 4 views

CVE-2026-33618

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

CVSS: 8.8 | EPSS: 0.00319
Exploits: 0 | References: 2

Snyk
added 2026/04/10 5:8 p.m. | 4 views

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via the ForwardToWall process. An attacker can inject ANSI escape sequences into user terminals by executing a logger -p emerg command when the relevant configuration is enabled. This is only...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.00173
Exploits: 1 | References: 2

NVD
added 2026/04/10 4:16 p.m. | 4 views

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

CVSS: 5.5 | EPSS: 0.00086
Exploits: 0 | References: 1

UbuntuCve
added 2026/04/10 4:16 p.m. | 2 views

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00086
Exploits: 0 | References: 2